phone-verification

Warn

Audited by Socket on Jul 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s phone-verification purpose is plausible, but its actual data flow sends phone numbers, OTP codes, and bearer credentials through Gooseworks’ proxy instead of directly to Didit. The same-org infrastructure lowers malware concern, but the proxy routing and raw credential-file access make the skill moderately risky and not fully aligned with its stated integration purpose.

Confidence: 86%Severity: 64%
Audit Metadata
Analyzed At
Jul 2, 2026, 06:17 AM
Package URL
pkg:socket/skills-sh/athina-ai%2Fgoose-skills%2Fphone-verification%2F@53300ab1132d450fc5509afd169c7d9733d82178cc03939cd412f6245faad216
Security Audit — socket — phone-verification